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DETAILED ACTION 

1 . Applicant's arguments filed August 6, 2007, have been fully considered but they 
are not persuasive. 

2. Claims 1-5, 8-14, 17-21, 24-31, 33-37, 40-46, and 49-78 are pending and have 
been examined. Claims 6, 7, 15, 16, 22, 23, 32, 38, 39, 47, 48, and 79-84 have been 
canceled. 

Response to Amendment 

3. The objections to claims 42 and 72 are withdrawn. 

4. The objections to claims 59-61 and 79-81 are withdrawn. 

5. The rejection of claims 59 and 79 under 35 U.S.C. 112, second paragraph, is 
withdrawn. 

6. Regarding Applicant's argument that Cheng does not teach a map, Examiner 
respectfully points to the cited portion, where a cookie is used to provide such feature, 
requests from server to server are forwarded and include a cookie value that maps to 
the resource server and the type of credential needed. Examiner further points to col. 2, 
lines 42-67 and continuing on to col. 3, where Cheng teaches each server acts as initial 
network device and holds in formation regarding other servers, and to cols. 1 1-12 where 
an e-Mall architecture is described. Cheng teachings provide multiple servers maintain 
access information to one another, so users of a e-mall don't have to sign on multiple 
times, the corresponding e-shops don't share a single database (col. 11, lines 13-40). 
Applicant's arguments are not persuasive. Perhaps providing more defining language of 
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what the map is, where it resides, and how it is setup, as described in page 10 of the 
specification, may help overcoming Cheng's alleged deficiency. 

7. Regarding the argument that Cheng does not provide the determining, Examiner 
points to the cited portion, where the authentication determines the validity of the 
request by looking for the existence, and the validation of the, if included, cookie. 
Applicant's arguments are not persuasive. 

8. Regarding the argument that Cheng does not disclose sending from one server 
to another, Examiner points to the cited portion, "In the event there was an MDSSO cookie in 
the header, or there was a content field containing a MDSSO cookie, the MDSSO function 24 identifies 
if there are any more domains to be included in the MDSSO (more than one server participate to the 
exchange if they are set up that way) (step 5-E). For example, the MDSSO function 24 might compare its 
own server name with the home server field in line 70 of the hidden form 66, and if these match, it will 
know that it is time to redirect to the home URL. If there is a further domain to visit, the MDSSO function 
24 determines the next domain which is to participate in the MDSSO (step 5-F). The MDSSO function 24 
then generates an HTTP Response with a header 60 and a content portion 62, the content being 
encrypted if appropriate. The header 60 contains the MDSSO cookie as received in the header, or as 
extracted from the content portion of the HTTP Request message. The domain name specified in the 
header specifies the server in the MDSSO group in association with which the MDSSO cookie is to be 
stored. The content includes the hidden form 66 specifying the next domain, and also contains the 
MDSSO cookie. The HTTP Response message thus generated is sent to the user (step 5-G). In the 
event the particular domain is the last domain to be processed (No path, step 5-E), the response header 
contains the MDSSO cookie and specifies the redirection to the original home URL (step 5-H)." (col. 8, 
lines 44-67) Applicant's arguments are not persuasive. 
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Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1-5, 8-14, 17-21, 24-31, 33-37, 40-46, and 49-78 are rejected under 35 
U.S.C. 102(e) as being anticipated by Cheng et al. (US Patent 7,010,582, 
hereinafter Cheng). 

Regarding claims 1,17, and 33, Cheng teaches 

- a computer-implemented method for use in a network environment including 
an enterprise server (abstract), comprising: 

- storing at the enterprise server multiple security credentials for a remote user 
to access respective secure resources residing on a network employing a 
generic application layer network protocol (col. 5, lines 40-67); 

- maintaining a map between one or more resource servers and a type of 
security credential required to access each resource server (col. 8, lines 9- 
43); 

- receiving at the enterprise server a signal representing a request from the 
remote user for a first of the secure resources, wherein the request includes a 
logon credential for the remote user (col. 6, lines 38-67); 
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- determining, by referring to the map and without the intervention of the user, 
the type of security credential for the remote user that is required to access 
the first secure resource (col. 6, lines 38-67); 

- sending from the enterprise server a signal representing a second request to 
retrieve the first secure resource, the second request including a first of the 
security credentials for the user of the type required to access the first secure 
resource (col. 6, lines 49-67, col. 7, lines 1-30); 

- receiving at the enterprise server a signal representing a first single-sign-on 
(SSO) credential generated by a first SSO provider based on the logon 
credential (col. 8, lines 9-43); 

- sending from the enterprise server a signal representing the first SSO 
credential to retrieve the first secure resource when the type of credential 
required to access the first secure resource includes the first SSO credential 
(col. 8, lines 37-67); and 

- sending from the enterprise server a signal representing the first SSO 
credential to retrieve the first secure resource when the type of credential 
required to access the first secure resource includes a second SSO credential 
corresponding to a second SSO provider having a trust relationship with the 
first SSO provider (col. 8, lines 37-67, col. 9, lines 1-60). 

Regarding claims 8, 24, and 40, Cheng teaches 

a computer-implemented method for use in a network environment 
including an enterprise server (abstract), comprising: 
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storing at the enterprise server multiple security credentials for a remote 
user to access respective secure resources residing on a network 
employing a generic application layer network protocol (col. 5, lines 40- 
67); 

maintaining a map between one or more resource servers and a type of 
security credential required to access each resource server (col. 8, lines 
9-43); 

receiving at the enterprise server a signal representing a request from 
the remote user for a first of the secure resources, wherein the request 
includes a logon credential for the remote user (col. 6, lines 38-67); 
determining, by referring to the map and without the intervention of the 
user, the type of security credential for the remote user that is required to 
access the first secure resource (col. 6, lines 38-67); 
sending from the enterprise server a signal representing a second 
request to retrieve the first secure resource, the second request including 
a first of the security credentials for the user of the type required to 
access the first secure resource (col. 6, lines 49-67, col. 7, lines 1-30); 
receiving at the enterprise server a signal representing a first single-sign- 
on (SSO) credential generated by a first SSO provider based on the 
logon credential (col. 8, lines 9-43); 

sending from the enterprise server a signal representing the first SSO 
credential to retrieve the first secure resource when the type of credential 
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required to access the first secure resource includes the first SSO 
credential (col. 8, lines 37-67); 

receiving at the enterprise server a signal representing a second SSO 
credential generated by a second SSO provider based on the first SSO 
credential (col. 8, lines 37-67, col. 9, lines 60-67, col. 10, lines 1-52); 
and 

sending from the enterprise server a signal representing the second SSO 
credential to retrieve the first secure resource when the type of credential 
required to access the first secure resource includes the second SSO 
credential (col. 8, lines 37-67, col. 9, lines 1-60). 
Regarding claims 12 and 44, Cheng teaches 

a computer-implemented method for use in a network environment 

including an enterprise server (abstract), comprising: 

storing at the enterprise server multiple security credentials for a 

remote user to access respective secure resources residing on a network 

employing a generic application layer network protocol (col. 5, lines 40- 

67); 

maintaining a map between one or more resource servers and a type of 
security credential required to access each resource server (col. 8, lines 
9-43); 
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receiving at the enterprise server a signal representing a request from a 
the remote user for a first of the secure resources, wherein the request 
includes a logon credential for the remote user (col. 6, lines 38-67); 
determining, by referring to the map and without the intervention of the 
user, the type of security credential for the remote user that is required to 
access the first secure resource (col. 6, lines 38-67); 
sending from the enterprise server a signal representing a second 
request to retrieve the first secure resource, the second request including 
a first of the security credentials for the user of the type required to 
access the first secure resource, wherein the receiving includes receiving 
at the enterprise server a signal representing a third request from the 
remote user for a second of the secure resources residing on the 
network (col. 6, lines 49-67, col. 7, lines 1-30), 
determining, without the intervention of the user, the type of security 
credential for the remote user that is required to access the second 
secure resource (col. 6, lines 38-67, col. 8, lines 10-67); and 
sending from the enterprise server a signal representing a fourth request 
for retrieving the second secure resource, the fourth request including a 
second of the security credentials for the user of the type required to 
access the second secure resource (col. 8, lines 37-67, col. 9, lines 1- 
60); and 
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wherein the signals representing the second and fourth requests are sent 
concurrently (col. 11, lines 1-13). 
Regarding claims 2, 18, 34, 49, and 69, Cheng teaches authenticating the user 
before sending the signal representing the second request (col. 7, lines 24-50). 

Regarding claims 3, 19, 35, 50, and 70, Cheng teaches receiving at the 
enterprise server a signal representing a response to the second request (col. 11, lines 
25-55); and sending from the enterprise server a signal representing a result to the 
remote user, the result based on the response to the second request (col. 11, lines 25- 
55). 

Regarding claims 4, 20, 36, 51, and 71, Cheng teaches wherein the request 
includes a logon credential for the remote user, the method further comprising: 
authenticating the remote user based on the logon credential before sending the 
second request (col. 9, lines 1-37). 

Regarding claims 5 and 21, Cheng teaches wherein the request includes a 
logon credential for the remote user and the type of security credential required to 
access the first secure resource includes the logon credential (col. 10, lines 19-65), the 
method further comprising : sending the signal representing the second request to 
retrieve the first secure resource, the second request including the logon credential 
(col. 9, lines 1-37). 

Regarding claims 9, 25, 41, 53, 56, 59, 62, 73, and 76, Cheng teaches wherein 
the generic application-layer network protocol is hypertext transfer protocol (col. 6, 
lines 3-17). 
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Regarding claims 10, 26, 42, 54, 57, 60, 63, 74, and 77, Cheng teaches 
receiving at the enterprise server a signal representing data in response to the second 
request (col. 11, lines 25-55); and sending from the enterprise server a signal 
representing at least a portion of the data to the remote user (col. 11, lines 55-67, col. 
12, lines 1-25). 

Regarding claims 28 and 65, Cheng teaches wherein the means for receiving 
includes means for receiving at the enterprise server a signal representing a third 
request from the remote user for a second secure resource residing on the network 
(col. 6, lines 38-67, col. 11, lines 1-13), the apparatus further comprising: determining, 
without the intervention of the user, the type of security credential for the remote user 
that is required to access the second secure resource (col. 6, lines 38-67); and sending 
from the enterprise server a signal representing a fourth request to retrieve the second 
secure resource, the fourth request including a second of the security credentials for the 
user of the type required to access the second secure resource (col. 8, lines 37-67, 
col. 9, lines 1-60); and wherein the signals representing the second and fourth requests 
are sent concurrently (col. 11, lines 1-13). 

Regarding claims 31 and 68, Cheng teaches receiving at the enterprise server 
a signal representing the first security credential from the user before receiving the 
signal representing the first request (col. 5, lines 40-67). 

Regarding claims 37, 52, and 72, Cheng teaches wherein the request includes 
a logon credential for the remote user and the type of security credential required to 
access the first secure resource includes the logon credential (col. 8, lines 37-67, col. 
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9, lines 1-45), wherein the method further comprises: sending from the enterprise 
server the signal representing the second request to retrieve the first secure resource, 
the second request including the logon credential (col. 8, lines 37-67). 

Regarding claims 13, 29, 45, and 66, Cheng teaches wherein the types of 
security credentials included in the second and fourth requests differ (col. 8, lines 37- 
67, col. 9, lines 1-45). 

Regarding claims 14, 30, 46, and 67, Cheng teaches wherein the types of 
security credentials included in the second and fourth requests are the same (col. 8, 
lines 37-67). 

Regarding claims 11, 27, 43, 55, 58, 61, 64, 75, and 78, Cheng teaches 
wherein the first secure resource includes a Web site, and the data is hypertext mark-up 
language (col. 6, lines 3-17, col. 11, lines 25-55). 

Conclusion 

11. Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims below for the convenience of the applicant. Although 
the specified citations are representative of the teachings in the art and are applied to 
the specific limitations within the individual claim, other passages and figures may apply 
as well. It is respectfully requested that the applicant, in preparing the responses, fully 
consider the references in entirety as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior art or disclosed 
by the examiner. 
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12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

13. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571)272- 
5861. The examiner can normally be reached on Monday-Tuesday and Thursday- 
Friday. 

14. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

15. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/David Garcia Cervetti/ 
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